It really depends on the apps.
Applications such as facebook will login over https using a secure TLS V1.2 connection. Here even on a public WiFi, it is not like your credentials can just be picked up by somebody else...
If the app is coded poorly it will transmit credentials over HTTP which is a cleartext format, here somebody on the same WiFi network is able to intercept the credentials (usernames and passwords) entered by you and all other traffic transmitted. Generally speaking on iPhone the majority of apps do not insecurely transmit credentials.
Features built into the iPhone such as the Mail app and iMessages app are fairly secure in their transmission of data.